Apparently one of our partners is looking at replacing their various
internal system and application passwords, which are subject to password
strength policies and regular expiration, with a universal passphrase,
which must be somewhat long, but which users can keep unchanged for about
a year at a time.
This is an interesting approach to the age-old password management
problem that most organizations face and it got me thinking about just
how secure passphrases really are.
Others have written on this subject, so I’ll try not to repeat too much:
I also talked to a friend of mine, who happens to be a linguist and knows
a thing or two about entropy in English-language text.
The bottom line is pretty simple:
* Users will most likely choose a series of words for passphrases.
Perhaps a sentence, which means something to them.
* There aren’t that many commonly used words in the English language.
I ran an analysis against all my mail folders, and found fewer than
20,000 distinct words (i.e., letter sequences that appear at least twice
in message text).
* If we assume a 5-word passphrase, the size of the search
space is at most 20k ^ 5 or 3.2 * 10^21 — sounds secure!
* BUT … the 100 most popoular words in my mail folder represented
over 50% of the word occurrences, so the real entropy is more like
200^5 or 300^5 — 3.2 * 10^11 to 2.43 * 10^12.
* This doesn’t even take into account grammar, which should make
some word pairs much more likely than others. I’d take 3*10^11
as a definite upper bound on the security of an English passphrase!
* My linguist friend suggested that the average entropy of a letter
in an English word is no more than 1.5 bits — if it were higher,
English would be too hard for us to learn. Since English words average
about 5 letters, that suggests an equivalent password strength of
1.5 ^ (5 * 5) = 25000. That seems a bit low to me — a lower bound?
In comparison, consider an 8 character password, with mixed case,
digits and 3 possible punctuation marks. Assume it’s really random —
password choice is subject to a policy engine which prevents the use of
dictionary words, etc. Such passwords should have an entropy of something
like (26+26+10+3)^8 = 3.2 * 10^14.
This makes the whole passphrase proposition sound a bit fishy to me.
Organizations should either use a *really long* passphrase, or still
require mixed case, special characters, etc. in their passphrase.
But if they do that — will users really benefit from passphrases?
Won’t they just be really really long passwords, which users still hate
and are even more likely to write down?
Of course, organizations could just stick with the “evil” they know
— modest-length passwords, that are subject to complexity rules and
change every 2-3 months. This structure has been analyzed to death and
we have a pretty good idea of how secure they are (or aren’t, depending
on the rules, etc.).